Solved: Re: Licenses confusion for Office Mode IPs with on...

Moosa · ‎2023-12-06

Hello Check Mates Experts,

I have a licensing issue that I am not able to get answered wtih Support or with Sales.

I have Azure deployment of Cloudgaurd GW and SMS (both are seprate VMs) and Remote Acccess VPN is configured for users with split tunnle.

The client application is Endpoint Secuirty VPN on Windows Machines.

on GW only the IPsec Blade is actiavted (Mobile Access is not activated)

This solutions works for us and I have tried the SecuRemote but that does not work nor I want to go that way as this is a working solutions implemented in prodcution at this point.

However when we bought licenses due to confusion that Mobile Blade is not enabled the CPSB-MOB-XXX license was not included and now we are limited to 5 VPN users (Office Mode IPs).

I have gone through following forum where @PhoneBoy has mentioned that this is the licenses that is needed.

Solved: Office Mode IP Address - Check Point CheckMates

But here is the confusion:

According to Licenses guide shared by sales engineer, Check Point VPN License Guide
We would need this licenses ins seciton Endpoint Security Remote Access VPN (CPSB-EP-VPN) we would need CPVP-VSC-5-NGX+<N> CPEP-PERP CPSB-SWB ? the guide does not mention whether this will provide Office IP addresses though?

But previousl Sales Engineer suggested to buy CPSB-MOB-XXX which definitely provides Office Mode IPs but would we need to enable Mobile Access Blade on GW with that? or does it work without enabling it?

and whichever is the correct answer, does it matter what type of licenses is on Managemnet Server?

Thanks

PhoneBoy · ‎2023-12-14

If your clients are 100% Windows, yes, you can use MOB licenses and do not need to enable Mobile Access on the relevant gateways.
Mac clients must be licensed (using Harmony Endpoint or CPEC-ACCESS SKUs).

View solution in original post

the_rock · ‎2023-12-06

Honestly, to be 100% sure, I would verify all this with Account services. What I had been doing for the last 15 years is "slap" the eval for anything while waiting for the actual renewal.

Andy

Moosa · ‎2023-12-07

Yes, that's what we have right now, Eval for everything, but having hard time getting a correct answer from sales.

the_rock · ‎2023-12-07

If that is the case, just call Account services and they will help you right away. I never had any issues when I called them myself, whoever I spoke with, they were always able to help me the first time.

Regards,

Andy

Moosa · ‎2023-12-07

I guess I will have to reach out to them again, I had a ticket with Account Services but they asked me that our sales engineer is the best person to talk to and that's where things stopped progressing.

the_rock · ‎2023-12-07

Im surprised thats what they told you, I would honestly call and maybe explain the whole situation.

Andy

Chris_Atkinson · ‎2023-12-06

Sometimes what works versus what is correct differs.

License type by method are outlined here: Check Point Remote Access Solutions - Gateway-Based Access

Or as Andy has mentioned Account Services can validated as needed.

CCSM R77/R80/ELITE

PhoneBoy · ‎2023-12-14

If your clients are 100% Windows, yes, you can use MOB licenses and do not need to enable Mobile Access on the relevant gateways.
Mac clients must be licensed (using Harmony Endpoint or CPEC-ACCESS SKUs).

Moosa · ‎2023-12-15

Thank you, I wanted to cofirm this exactly.

Are you a member of CheckMates?

Licenses confusion for Office Mode IPs with only IPsec VPN blade on GW